#10
Originally Posted by juiceme
True. What I'd say is ideal if it was possible to sign our kernels correctly or if there was a relatively easy way to bypass the signature verification in NOLO.

Now there's a worthy project to start hacking on
Now that's a paper moon :P

I was thinking more along the lines of inserting self-verifying routines into the Ubiboot kernel and userland - after building, portions of the binary are hashed and the hashes stored statically in the kernel (/proc/config.gz or early_param style?).

The entire mmcblk0 could be encrypted with dm-crypt, storing a signed ramdisk (the new /sbin/preinit) that asks for a password with sillykbd - a 4-8 digit code can be salted and used as a key.

The OMAP AES hardware should help with the speed impact this would entail. It also wouldn't provide device lock security, but a userland daemon with a kernel helper could ask for a password every 24h (user-configurable) or so, and shut down the device if the proper key isn't entered.

This would have the benefit of remaining mostly-transparent to Harmattan, actually even Nemo and other OSes.
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
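
The "4-8 digit code can be salted and used as a key" idea from the post above, worked through as an added example (not part of the original post and not Ubiboot code). It assumes PBKDF2-HMAC-SHA256, a 256-bit key and a 200,000-iteration work factor, none of which the post specifies; the point is that the salt adds no entropy, so the iteration count is what sets the cost of trying every code.

```python
import hashlib
import os
import time

KEY_LEN = 32          # bytes; 256-bit volume key (assumed size)
ITERATIONS = 200_000  # assumed work factor, tune on the target device


def derive_key(pin, salt, iterations=ITERATIONS):
    """Stretch a 4-8 digit code into a key with PBKDF2-HMAC-SHA256."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
        raise ValueError("code must be 4 to 8 ASCII digits")
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 bytes")
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, KEY_LEN)


def keyspace(min_digits=4, max_digits=8):
    """Number of distinct codes; the salt is stored in the clear and adds none."""
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def exhaustive_search_days(seconds_per_derivation, min_digits=4, max_digits=8):
    """Worst-case time to try every code at the given cost per derivation."""
    return keyspace(min_digits, max_digits) * seconds_per_derivation / 86400.0


def measure_derivation(iterations=ITERATIONS):
    """Time one derivation on this machine (the target device may differ)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("0000", salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample; made once at setup, stored unencrypted
    key = derive_key("4821", salt)  # constructed sample code
    cost = measure_derivation()
    print(f"key: {len(key)} bytes, one derivation: {cost:.3f}s")
    for lo, hi in ((4, 4), (6, 6), (8, 8), (4, 8)):
        days = exhaustive_search_days(cost, lo, hi)
        print(f"{lo}-{hi} digits: {keyspace(lo, hi):>11,} codes, {days:10.2f} days worst case")
```

Run on the device itself, the per-derivation time shows how long the unlock prompt will take and how much margin a given code length leaves.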